1. Home
  2. Vulnerabilities
  3. CVE-2019-14901

CVE-2019-14901

CVSS v3.1 9.8 (Critical)
98% Progress
CVSS v2.0 10 (High)
100% Progress
EPSS 2.46 % (90th)
2.46% Progress
Affected Products 4
Advisories 46
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.

Weaknesses
CWE-122
Heap-based Buffer Overflow
CWE-400
Uncontrolled Resource Consumption
CWE-787
Out-of-bounds Write
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2019-11-29 15:15:11
(4 years ago)
Updated Date
2023-02-12 23:37:01
(19 months ago)

Affected Products

Canonical

Debian

Fedoraproject

Linux

Configuration #1

    CPE23 From Up To
  Linux Kernel from 3.15 version and prior 3.16.83 version cpe:2.3:o:linux:linux_kernel >= 3.15 < 3.16.83
  Linux Kernel from 3.17 version and prior 4.4.217 version cpe:2.3:o:linux:linux_kernel >= 3.17 < 4.4.217
  Linux Kernel from 4.5 version and prior 4.9.217 version cpe:2.3:o:linux:linux_kernel >= 4.5 < 4.9.217
  Linux Kernel from 4.10 version and prior 4.14.164 version cpe:2.3:o:linux:linux_kernel >= 4.10 < 4.14.164
  Linux Kernel from 4.15 version and prior 4.19.95 version cpe:2.3:o:linux:linux_kernel >= 4.15 < 4.19.95
  Linux Kernel from 4.20 version and prior 5.4.11 version cpe:2.3:o:linux:linux_kernel >= 4.20 < 5.4.11

Configuration #2

    CPE23 From Up To
  Fedoraproject Fedora 30 cpe:2.3:o:fedoraproject:fedora:30
  Fedoraproject Fedora 31 cpe:2.3:o:fedoraproject:fedora:31

Configuration #3

    CPE23 From Up To
  Debian Linux 8.0 cpe:2.3:o:debian:debian_linux:8.0

Configuration #4

    CPE23 From Up To
  Canonical Ubuntu Linux 14.04 cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm
  Canonical Ubuntu Linux 16.04 cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm
  Canonical Ubuntu Linux 18.04 cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts
  Canonical Ubuntu Linux 19.10 cpe:2.3:o:canonical:ubuntu_linux:19.10